A new cyberattack called RAMBO has been discovered that can steal data from air-gapped networks by using radio signals emitted by a computer's RAM. This technique could allow hackers to extract sensitive information from systems that are physically isolated from the internet.
Dr. Mordechai Guri from Ben Gurion University in Israel, who created the RAMBO method, explains that malware can make RAM send out radio signals, which can then be intercepted using basic hardware like a software-defined radio (SDR) and an antenna. The stolen data could include things like files, keystrokes, biometric information, and encryption keys.
Table of Contents
ToggleHow Does RAMBO Work?
The RAMBO attack involves malware that forces a computer's RAM to emit radio signals at specific frequencies. Hackers can capture these signals and decode them to retrieve sensitive data, such as keystrokes or documents, without physically accessing the air-gapped network. Dr. Guri demonstrated that information like encryption keys or small files can be stolen within seconds.
Previous Techniques
This isn't Dr. Guri's first breakthrough in data theft. He has previously developed methods to extract data using unusual sources like network card LEDs, power supply emissions, and even the sounds produced by computer fans.
How to Protect Against RAMBO Attacks
Here are a few ways to protect your air-gapped network from attacks like RAMBO:
- Use Intrusion Detection Systems (IDS): These can help detect suspicious activity.
- Monitor Memory Access: Keep an eye on who is accessing your system’s memory.
- Radio Jammers: Devices that block radio signals can prevent data leaks.
- Faraday Cages: Shield sensitive systems to block any radio signals from getting out.
By following these steps, organizations can help secure their air-gapped systems and protect valuable data from new threats like RAMBO.